Candidate: CVE-2017-7448
PublicDate: 2017-04-05 23:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7448
Description:
 The allocate_channel_framebuffer function in uncompressed_components.hh in
 Dropbox Lepton 1.2.1 allows remote attackers to cause a denial of service
 (divide-by-zero error and application crash) via a malformed JPEG image.
Ubuntu-Description:
Notes:
Bugs:
 https://github.com/dropbox/lepton/issues/86
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859714
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]

Patches_lepton:
 upstream: https://github.com/dropbox/lepton/commit/7789d99ac156adfd7bbf66e7824bd3e948a74cf7
upstream_lepton: released (1.2.1-3)
precise_lepton: DNE
precise/esm_lepton: DNE
trusty_lepton: DNE
trusty/esm_lepton: DNE
vivid/stable-phone-overlay_lepton: DNE
vivid/ubuntu-core_lepton: DNE
xenial_lepton: DNE
yakkety_lepton: ignored (reached end-of-life)
zesty_lepton: ignored (reached end-of-life)
artful_lepton: ignored (reached end-of-life)
bionic_lepton: not-affected (1.2.1+20170405-3build1)
cosmic_lepton: not-affected (1.2.1+20170405-3build1)
devel_lepton: not-affected (1.2.1+20170405-3build1)